December 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

An offer by the apparent hackers of OGUsers to remove account information from the eventual database leak in exchange for payment.

Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised. The hack was acknowledged by the forum’s current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack.

But unlike in previous breaches at OGUsers, the perpetrators of this latest incident have not yet released the forum database. In the meantime, someone has been taunting forum members, saying they can have their profiles and private messages removed from an impending database leak by paying between $50 and $100.

OGUsers was hacked at least twice previously, in May 2019 and again in March 2020. In the wake of both incidents, the compromised OGUsers databases were made available for public download.

The leaked databases have been useful in reconstructing who’s behind several high-profile incidents involving compromised social media accounts and virtual currency heists that leveraged SIM swapping, a crime that centers around convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

For example, when several high-profile Twitter accounts were hacked in July 2020 and used to promote bitcoin scams, the profile and private message data from previous OGUsers forum compromises proved invaluable in piecing together the “who” behind that scam.

The hacker handles featured in the defacement message left on OGUsers — “Chinese” and “Disco” — correspond to two nicknames used by banned OGUsers members who have been trying to generate interest for their own forum that seeks to emulate OGUsers.

Disco, a.k.a. “Discoli” a.k.a. “Disco Dog,” is a young man from the United Kingdom who has marketed an automated bot program and service advertised as a way for customers to “cash out” illicit access to OneVanilla Visa prepaid card accounts using PayPal. The same individual also earlier this year founded a corporation in the U.K. called Disco Payments.

Reached via Twitter, Discoli said he and his friends hacked OGUsers via an outdated plugin used by the site. But he claims they have no plans to sell the stolen user data, and said the company was registered as a joke.

“I had a sort of feud with the administrator in the past but this one was more for fun,” Discoli said. “Not too interested in doing damage by releasing database or anything like that.”

As I noted the first time OGUsers got hacked, it’s difficult not to admit feeling a bit of schadenfreude in the continued exposure of a community that has largely specialized in hacking others. Or perhaps in the case of OGUsers, the sentiment may more aptly be described as “schadenfraud.”


36 thoughts on “Account Hijacking Site OGUsers Hacked, Again”

  1. UnBlinking

    Referring to Discoli as “The sane individual” is one of those typos that gets readers thinking 🙂

  2. Nobby Nobbs

    Nice report, Brian!

    Good to hear that Discoli’s sanity is not in question, but can you provide a citation?

    “The sane individual also earlier this year founded a corporation in the U.K. called Disco Payments.”

  3. anon

    Hello, Krebs! Great report. You mention the OneVanilla Visa gift cards, but this is actually a whole community of fraudsters. We would love to see you do a whole report on them, as it is easy to infiltrate their communications (use Telegram, group is https://t.me/thecommunitychat). They steal millions from people each year doing this, from what I can tell. In fact, they even phished my birthday present which was one of these cards!!!

    I think Discoli leads this community too.

    1. anon

      Agreed! I was trying to buy a vanilla visa card from 7-11, and one of their sites stole my card! The message was “You just got beamed by banana boy”… I wonder what this means! Please check this community out, they stole my birthday gift!

      1. Julian shirley

        Beamed means scammed, to beam is to scam. It’s a fairly new term that arose from the online gaming community, originally meaning “owned” as in laser sight dot headshot but later was evolved into its current context meaning to scam, mostly within the credential stuffing, handle collecting and hacking scenes.

    2. disco

      Hello anon,

      I am indeed disco (li) and can assure you I don’t run that community nor affiliate with any of those public group chats filled with malicious characters.

      I mind my own business in my own corner of the internet and definitely do not run any active groups.

      Thanks!

  4. Four Grande

    Hello I am an imfam0us OneVanilla community reseller. I have recently exit scammed because I hate black people!

  5. ducky & anx

    yeah, i actually own these chats. we do not do fraud. please stop saying we do.

  6. mavis

    me n my homies love brian krebs!!! ok fr, bro brian stop being a retard.

  7. Rexia sexy female

    https://open.spotify.com/album/51Z7NkgMNNief91WBy2Qbu

    [Beginning – Yung Discoli]
    Yung Discoli making virtual mils
    I be straight getting chills
    All this illegal cash flow
    Spend it all on thrills
    Bingo is my card hookup
    Make more money than a grown up
    The honey so plump
    Call me lil pump

    [Verse 1 – Yung Discoli]
    This money ain’t clean
    But it sure buy supreme
    Imma go to your girls house
    Give her some cream
    We use some protection
    VPN guarding my connection
    Voted Donald Trump regarding the election
    Be poppin’ them pills, call it an injection

    [Verse 2 – Yung Discoli]
    I be picking up yo girl
    She gave me a wink
    I gave her a cool mint
    She told me I taste peppermint
    I said give us a mystery
    I ain’t no UberEats, but still
    Finna go home, give her that delivery
    I be workin’ in the industry

    [Sound Effect]

    I be sipping on that lean, here comes Lil Listerine

    [Verse 3 – Lil Listerine]
    Listerine, I’ve always been clean
    Call me an Athlete, cuz I’m always seen
    I ain’t fat but I always eat
    Discoli is pretty obscene
    I never sit in the backseat of the limousine
    Always got that vape on hold, it’s that nicotine
    Imma be chillin I’m always in the green
    I always have the magic but I ain’t no planet sheen
    Niggas think I’m looking like a meal, Kids Cuisine
    Gonna make them stacks, already bought my mom a house
    And I’m already chilling at the whorehouse, I ain’t black but I’m white enough to be both
    Just like Mickey Mouse
    I ain’t like Minnie, I don’t wear a blouse gonna pull an OJ and take yo’ spouse gonna take and invite her to my Clubhouse

  8. Lana

    Hello I am a singer and someone in this community uses my name and picture to do these things. Also banana boi hates black people

  9. None

    OGU is full of skiddies and low level plebs. I hope they leak the db to public again so I can dig through it.

    1. Le Continental

      Je mightent hackez-vous, en garde s’il vous plait!

      Ecoutent, accoutant!

  10. dasty

    Shutting down thousands of schools? How does this guy differ from a terrorist? Recommendation: permanent Gitmo.

  11. Tellpizzahut

    Thanks for the update and quick reply. I’ll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward to a solution.
